AC-5893: Replace Zend_Acl with laminas\laminas-permissions-acl

Author: karyna-t

app/code/Magento/Authorization/Model/Acl/AclRetriever.php

@@ -21,8 +21,8 @@
  */
 class AclRetriever
 {
-    const PERMISSION_ANONYMOUS = 'anonymous';
-    const PERMISSION_SELF = 'self';
+    public const PERMISSION_ANONYMOUS = 'anonymous';
+    public const PERMISSION_SELF = 'self';
 
     /**
      * @var \Psr\Log\LoggerInterface
@@ -117,7 +117,7 @@ public function getAllowedResourcesByRole($roleId)
         /** @var \Magento\Authorization\Model\Rules $ruleItem */
         foreach ($rulesCollection->getItems() as $ruleItem) {
             $resourceId = $ruleItem->getResourceId();
-            if ($acl->has($resourceId) && $acl->isAllowed($roleId, $resourceId)) {
+            if ($acl->hasResource($resourceId) && $acl->isAllowed($roleId, $resourceId)) {
                 $allowedResources[] = $resourceId;
             }
         }

app/code/Magento/Authorization/Model/Acl/Loader/Rule.php

@@ -104,7 +104,7 @@ private function applyPermissionsAccordingToRules(Acl $acl): array
             $resource = $rule['resource_id'];
             $privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;
 
-            if ($acl->has($resource)) {
+            if ($acl->hasResource($resource)) {
                 $foundResources[$resource] = $resource;
                 if ($rule['permission'] == 'allow') {
                     if ($resource === $this->_rootResource->getId()) {

app/code/Magento/Authorization/Model/Acl/Role/Generic.php

@@ -5,9 +5,11 @@
  */
 namespace Magento\Authorization\Model\Acl\Role;
 
+use Laminas\Permissions\Acl\Role\GenericRole;
+
 /**
  * Generic acl role
  */
-class Generic extends \Zend_Acl_Role
+class Generic extends GenericRole
 {
 }

app/code/Magento/Authorization/Test/Unit/Model/Acl/AclRetrieverTest.php

@@ -165,9 +165,9 @@ protected function createAclRetriever()
         /**
          * @var Acl|MockObject $aclMock
          */
-        $aclMock = $this->createPartialMock(Acl::class, ['has', 'isAllowed']);
-        $aclMock->expects($this->any())->method('has')->willReturn(true);
-        $aclMock->expects($this->any())->method('isAllowed')->willReturn(true);
+        $aclMock = $this->createPartialMock(Acl::class, ['hasResource', 'isAllowed']);
+        $aclMock->method('hasResource')->willReturn(true);
+        $aclMock->method('isAllowed')->willReturn(true);
 
         /**
          * @var Builder|MockObject $aclBuilderMock

app/code/Magento/Authorization/Test/Unit/Model/Acl/Loader/RuleTest.php

@@ -114,7 +114,7 @@ public function testPopulateAclFromCache(): void
             );
 
         $aclMock = $this->createMock(Acl::class);
-        $aclMock->method('has')->willReturn(true);
+        $aclMock->method('hasResource')->willReturn(true);
         $aclMock
             ->method('allow')
             ->withConsecutive(

app/code/Magento/Backend/Model/Auth/Session.php

@@ -152,7 +152,7 @@ public function isAllowed($resource, $privilege = null)
                 return $acl->isAllowed($user->getAclRole(), $resource, $privilege);
             } catch (\Exception $e) {
                 try {
-                    if (!$acl->has($resource)) {
+                    if (!$acl->hasResource($resource)) {
                         return $acl->isAllowed($user->getAclRole(), null, $privilege);
                     }
                 } catch (\Exception $e) {

app/code/Magento/Config/Controller/Adminhtml/System/ConfigSectionChecker.php

@@ -6,6 +6,7 @@
 
 namespace Magento\Config\Controller\Adminhtml\System;
 
+use Laminas\Permissions\Acl\Exception\InvalidArgumentException;
 use Magento\Framework\Exception\NotFoundException;
 
 /**
@@ -41,11 +42,14 @@ public function isSectionAllowed($sectionId)
     {
         try {
             if (false == $this->_configStructure->getElement($sectionId)->isAllowed()) {
+                // phpcs:ignore Magento2.Exceptions.DirectThrow
                 throw new \Exception('');
             }
             return true;
-        } catch (\Zend_Acl_Exception $e) {
+        } catch (InvalidArgumentException $e) {
+            // phpcs:ignore Magento2.Exceptions.ThrowCatch
             throw new NotFoundException(__('Page not found.'));
+            // phpcs:ignore Magento2.Exceptions.ThrowCatch
         } catch (\Exception $e) {
             return false;
         }

dev/tests/integration/framework/Magento/TestFramework/Bootstrap.php

@@ -4,27 +4,28 @@
  * See COPYING.txt for license details.
  */
 
+namespace Magento\TestFramework;
+
 /**
  * Bootstrap for the integration testing environment
  */
-namespace Magento\TestFramework;
-
 class Bootstrap
 {
     /**#@+
      * Predefined admin user credentials
      */
-    const ADMIN_NAME = 'user';
-    const ADMIN_PASSWORD = 'password1';
-    const ADMIN_EMAIL = 'admin@example.com';
-    const ADMIN_FIRSTNAME = 'firstname';
-    const ADMIN_LASTNAME = 'lastname';
+    public const ADMIN_NAME = 'user';
+    public const ADMIN_PASSWORD = 'password1';
+    public const ADMIN_EMAIL = 'admin@example.com';
+    public const ADMIN_FIRSTNAME = 'firstname';
+    public const ADMIN_LASTNAME = 'lastname';
     /**#@- */
 
     /**
      * Predefined admin user role name
      */
-    const ADMIN_ROLE_NAME = 'Administrators';
+    public const ADMIN_ROLE_NAME = 'Administrators';
+    public const ADMIN_ROLE_ID = 1;
 
     /**
      * @var \Magento\TestFramework\Bootstrap\Settings

dev/tests/integration/framework/Magento/TestFramework/TestCase/AbstractBackendController.php

@@ -5,6 +5,9 @@
  */
 namespace Magento\TestFramework\TestCase;
 
+use Magento\Framework\Acl\Builder as AclBuilder;
+use Magento\TestFramework\Bootstrap;
+
 /**
  * A parent class for backend controllers - contains directives for admin user creation and authentication.
  *
@@ -125,9 +128,9 @@ public function testAclNoAccess()
         if ($this->httpMethod) {
             $this->getRequest()->setMethod($this->httpMethod);
         }
-        $this->_objectManager->get(\Magento\Framework\Acl\Builder::class)
-            ->getAcl()
-            ->deny(null, $this->resource);
+
+        $acl = $this->_objectManager->get(AclBuilder::class)->getAcl();
+        $acl->deny($this->_auth->getUser()->getRoles(), $this->resource);
         $this->dispatch($this->uri);
         $this->assertSame($this->expectedNoAccessResponseCode, $this->getResponse()->getHttpResponseCode());
     }

dev/tests/integration/testsuite/Magento/Backend/App/AbstractActionTest.php

@@ -5,6 +5,8 @@
  */
 namespace Magento\Backend\App;
 
+use Magento\TestFramework\Bootstrap;
+
 /**
  * Test class for \Magento\Backend\App\AbstractAction.
  * @magentoAppArea adminhtml
@@ -91,7 +93,7 @@ public function testAclInNodes($blockName, $resource, $isLimitedAccess)
             ->get(\Magento\Framework\Acl\Builder::class)
             ->getAcl();
         if ($isLimitedAccess) {
-            $acl->deny(null, $resource);
+            $acl->deny(Bootstrap::ADMIN_ROLE_ID, $resource);
         }
 
         $this->dispatch('backend/admin/dashboard');